package org.llu.urldirect.controller;

import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;


public class SecurityCheck {
    //    白名单域名
    public static final String[] ALLOWED_DOMAINS = {
            "baidu.com",
            "qq.com",
    };

    /**
     *  安全检查需求：只允许跳转到  *.baidu.com
     * @param url
     * @return
     */
    public static boolean checkUrl(String url) {
        UriComponents uriString = UriComponentsBuilder.fromUriString(url).build(true);
        String host = uriString.getHost();
        for (String domain : ALLOWED_DOMAINS) {
            if (!StringUtils.isEmpty(host) && host.endsWith(domain) ) {
                return true;
            }
        }
        return false;
    }
}
